------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-112 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-08-12
Severity: 4
Type: Remote
------------------------------------------------------------------------
Summary
======
Multiple vulnerabilities have been fixed in the kernel.
Description
==========
CVE-2010-2226:
A flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this flaw
to read write-only files that they do not own on an XFS file system.
This could lead to unintended information disclosure.
CVE-2010-2248:
A flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker
could send a specially-crafted SMB response packet to a target CIFS
client, resulting in a kernel panic (denial of service).
CVE-2010-2495:
A flaw was found in the pppol2tp_xmit() function in the Linux kernel
l2tp implementation. When transmitting L2TP frames, the outgoing
interface's UDP checksum hardware assist capabilities can be NULL,
causing a NULL pointer dereference.
CVE-2010-2521:
Buffer overflow flaws were found in the Linux kernel's implementation
of the server-side External Data Representation (XDR) for the Network
File System (NFS) version 4. An attacker on the local network could send
a specially-crafted large compound request to the NFSv4 server, which
could possibly result in a kernel panic (denial of service) or,
potentially, code execution.
CVE-2010-2537:
The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check
whether the donor file is append-only before writing to it.
CVE-2010-2538:
The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that
allows a user to specify an out-of-bounds range to copy from the source
file (if off + len wraps around).
CVE-2010-2798:
The problem was in the way the gfs2 directory code was trying to re-use
sentinel directory entries. A local, unprivileged user on a gfs2 mounted
directory can trigger this issue, resulting in a NULL pointer
dereference.
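The wraparound described for CVE-2010-2538 (off + len wrapping around),
shown as an added example that is not part of the original advisory and
is not the kernel's code. The function names, the unsigned 64-bit types
and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Naive bounds check (hypothetical name): off + len is evaluated in
 * unsigned 64-bit arithmetic and wraps modulo 2^64, so a very large len
 * can make the sum look small and pass the comparison. */
static bool range_ok_naive(uint64_t off, uint64_t len, uint64_t src_size)
{
    return off + len <= src_size;
}

/* Overflow-safe check (hypothetical name): the sum off + len is never
 * formed. First bound off, then compare len with the space left. */
static bool range_ok_checked(uint64_t off, uint64_t len, uint64_t src_size)
{
    if (off > src_size)
        return false;
    return len <= src_size - off;
}

int main(void)
{
    const uint64_t src_size = 4096;          /* constructed file size */

    /* Constructed request: 8192 + (2^64 - 8092) wraps to 100. */
    const uint64_t off = 8192;
    const uint64_t len = UINT64_MAX - 8091;

    printf("wrapping request: naive=%d checked=%d\n",
           range_ok_naive(off, len, src_size),
           range_ok_checked(off, len, src_size));

    /* Constructed in-bounds request: both checks agree. */
    printf("valid request:    naive=%d checked=%d\n",
           range_ok_naive(1024, 1024, src_size),
           range_ok_checked(1024, 1024, src_size));
    return 0;
}
```

The naive check accepts the wrapping request because the sum is compared
only after it has wrapped; the second form rejects it.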
Affected packages:
Pardus 2009:
kernel, all before 2.6.31.13-131-47
kernel-pae, all before 2.6.31.13-131-28
Resolution
=========
There are update(s) for kernel, kernel-pae. You can update them via
Package Manager or with a single command from console:
pisi up kernel kernel-pae
References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id528
* http://bugs.pardus.org.tr/show_bug.cgi?id648
* http://bugs.pardus.org.tr/show_bug.cgi?id750
* http://bugs.pardus.org.tr/show_bug.cgi?id753
* http://bugs.pardus.org.tr/show_bug.cgi?id895
* http://bugs.pardus.org.tr/show_bug.cgi?id903
------------------------------------------------------------------------